32 lines
870 B
Nix
32 lines
870 B
Nix
{ ... }:
|
|
|
|
{
|
|
networking.firewall.interfaces.wg0.allowedTCPPorts = [
|
|
2222
|
|
3000
|
|
];
|
|
|
|
services.forgejo = {
|
|
enable = true;
|
|
settings.service.DISABLE_REGISTRATION = true;
|
|
settings.actions.ENABLED = true;
|
|
settings.server = {
|
|
DOMAIN = "forgejo.ellie.town";
|
|
ROOT_URL = "https://forgejo.ellie.town/";
|
|
HTTP_ADDR = "10.10.0.2";
|
|
HTTP_PORT = 3000;
|
|
START_SSH_SERVER = true;
|
|
SSH_DOMAIN = "forgejo.ellie.town";
|
|
SSH_PORT = 2222;
|
|
SSH_LISTEN_PORT = 2222;
|
|
};
|
|
};
|
|
|
|
# Forgejo binds HTTP to 10.10.0.2 (the wg0 inner address). Without this
|
|
# ordering, forgejo races wireguard at boot, fails to bind, and stays up
|
|
# only on its all-interfaces SSH listener — leaving the web UI 502'd.
|
|
systemd.services.forgejo = {
|
|
after = [ "wireguard-wg0.service" ];
|
|
requires = [ "wireguard-wg0.service" ];
|
|
};
|
|
}
|